Archive change document management for user and permission management
Read the old state and match with the new data
Documents: The documents in the audit structure describe the audit steps. You can create them in accordance with your audit requirements. You can recognise documents by the symbol. Double-click on this icon to open the document.
If you now want to assign PFCG roles indirectly to users via the organisation management, you have to use evaluation methods. Evaluation paths define a chain of relationships between objects within a hierarchy. For example, they define how an organisational unit or a post can be assigned to another organisational unit. This relationship is set to the User ID. However, if the business partner has also been maintained in organisational management, there is no standard evaluation path for this case and the user assigned to the role is not found. However, since in SAP CRM the user IDs are not directly assigned to a post, but via the business partner, you have to make adjustments to the evaluation paths before you can assign the roles indirectly.
Limitations of authorization tools
As with an SAP_NEW role, it is possible to generate an SAP_APP role. As with the SAP_APP profile, all permissions are included here, except the base permissions and the HCM permissions. The ability to create this role with the report REGENERATE_SAP_APP exists after inserting the SAP note 1703299. This report generates a role that is fully usable for all applications. However, we recommend using this role only for development and test systems.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
Simplified assignment and control of exception authorizations in SAP systems is required.